Don’t leave your smartphone on the table at the coffee shop.
It’s sensible advice. And yet too many users do the equivalent of just that, even when what’s at stake goes way beyond unflattering selfies and nasty emails about friends.
A survey conducted by Osterman Research for enterprise identity management company Centrify suggests that many employees continue to ignore even the most basic security for their smartphones, putting sensitive enterprise data at risk.
According to the survey, 15 per cent of employees believe they had “none to minimal” responsibility to protect corporate data stored on their mobile devices. Ten per cent don’t even think about the security of the enterprise data on their devices more than a few times a year.
Ten percent of users still don’t have a password, PIN or other access-control mechanism in place on their devices. Centrify CEO Tom Kemp said in a release that “the odds are too great your phone will get lost or stolen, so it is somewhat equivalent to putting your ATM passcode on a piece of tape and taping it to your ATM card and leaving your ATM card on tables in restaurants.”
Conducted in March, the survey quizzed more than 500 respondents at North American organizations with more than 1,000 employees.
“The results show that even employees of large multinational corporations, who are consistently warned of the dangers to their data directly from their IT department, are not keeping security top of mind,” Michael Osterman, principal of Osterman Research, said in a release. “It is clear organizations need to continue to educate employees on the dangers and risks of mobile security but also look to solutions that safeguard the devices and applications which these employees have access to.”
Other findings:
- forty-five percent of enterprise employees have more than six third-party applications installed on their personal device;
- forty-three percent have accessed sensitive corporate data on their personal device while on an unsecured public network, such as the airport or a coffee shop;
- when they do lose an unprotected mobile device, “32 percent of respondents would rather contract the flu or go on vacation with their mother-in-law than tell their boss.”
By blurring the line between work and personal life, BYOD mobile device policies have contributed to this state of affairs, Centrify says on its web site. Employees who can understand and act on the need for information security while on a workplace computer are less likely to do so when that data’s on a platform they also use for recreation and to interact with friends and family.
Kemp noted that workspace separation technologies, such as Apple (Nasdaq: AAPL) and Samsung (Nasdaq: SSNLF) are adding to their products, should be more widely used. “Better education is needed, but also corporations should look to use ‘container’ or ‘workspace’ technologies on mobile devices that provide a dual persona on the device.”
More than 15 percent of respondents said they’ve had their personal account or password compromised. But Kemp says the real figure may be as high as 25 percent, as many users likely don’t even know if their password has been compromised. Others may simply not want to admit it even for a third-party survey.
Maybe they’re afraid they’ll get sent on that vacation with the mother-in-law.